[SERVER-68122] Investigate replicating the collection WiredTiger config string during initial sync Created: 19/Jul/22 Updated: 14/Dec/23 Resolved: 19/Jan/23 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | 4.4.15 |
| Fix Version/s: | 4.4.19, 5.0.15, 6.3.0-rc0, 6.0.5 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Shreyas Kalyan | Assignee: | Yujin Kang Park |
| Resolution: | Fixed | Votes: | 9 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||||||||||||||
| Assigned Teams: |
Storage Execution
|
||||||||||||||||||||||||||||||||||||||||||||
| Backwards Compatibility: | Minor Change | ||||||||||||||||||||||||||||||||||||||||||||
| Operating System: | ALL | ||||||||||||||||||||||||||||||||||||||||||||
| Backport Requested: |
v6.2, v6.0, v5.0, v4.4
|
||||||||||||||||||||||||||||||||||||||||||||
| Sprint: | Execution Team 2023-01-23 | ||||||||||||||||||||||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||||||||||||||||||||||
| Case: | (copied to CRM) | ||||||||||||||||||||||||||||||||||||||||||||
| Linked BF Score: | 120 | ||||||||||||||||||||||||||||||||||||||||||||
| Description |
|
A customer has tried to add a mongod with encryption disabled to a replica set in which the other members have encryption enabled. When running getCollectionInfos() on the members of the replica set, some of the collections have the options.storageEngine.wiredTiger.configString option set. This string has "encryption=(keyid=\"admin\",name=AES256-CBC)" set as part of the complete option set. When new member initiates initial sync, it attempts to replicate the collection in its entirety, including the configString. WiredTiger then realizes the conflict between the collection and the mongod config settings and throws BadValue: 22: Invalid argument. This behavior can be replicated by manually setting the configString for a collection like this -
Initially investigated on a 4.4 mongod, have not verified whether this behavior has been fixed in a 5.0+ mongod. These strings have been seen set on system collections, which we do not believe were manually created using create. Because ESE is intended to be configured on a per-node basis, for upgrade/downgrade reasons, we do not expect these options to be replicated in the catalog. Nodes processing collections with these properties set should ignore the durable options and only respect the options defined in their configuration files. |
| Comments |
| Comment by Githook User [ 10/Feb/23 ] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Author: {'name': 'Yu Jin Kang Park', 'email': 'yujin.kang@mongodb.com', 'username': 'ykangpark'}Message: (cherry picked from commit ef120ac5552574fb9b84d36d842ead8519588c31) | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comment by Githook User [ 09/Feb/23 ] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Author: {'name': 'Yu Jin Kang Park', 'email': 'yujin.kang@mongodb.com', 'username': 'ykangpark'}Message: (cherry picked from commit ef120ac5552574fb9b84d36d842ead8519588c31) | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comment by Githook User [ 25/Jan/23 ] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Author: {'name': 'Yu Jin Kang Park', 'email': 'yujin.kang@mongodb.com', 'username': 'ykangpark'}Message: (cherry picked from commit ef120ac5552574fb9b84d36d842ead8519588c31) | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comment by Githook User [ 25/Jan/23 ] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Author: {'name': 'Yu Jin Kang Park', 'email': 'yujin.kang@mongodb.com', 'username': 'ykangpark'}Message: (cherry picked from commit f17b7ab250bd497a18e44848036874c6916518e3) | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comment by Githook User [ 19/Jan/23 ] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Author: {'name': 'Yu Jin Kang Park', 'email': 'yujin.kang@mongodb.com', 'username': 'ykangpark'}Message: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comment by Githook User [ 19/Jan/23 ] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Author: {'name': 'Yu Jin Kang Park', 'email': 'yujin.kang@mongodb.com', 'username': 'ykangpark'}Message: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comment by Jean da Silva [ 26/Jul/22 ] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Hi team, I'm sharing that I also fail on a similar condition on 4.4.15. Initial-sync breaks, and node halts while trying to add a new unencrypted node into an encrypted Replica Set.
Then on the log, we see the collection is created with the encryption option on the replica node:
Failing with the following message:
What bugs me is that is an admin.system collection, and in normal conditions and even encrypted, we don't see that configString information:
But in this case, we see that encryption parameter on configString as you mentioned before:
|